malfrank01

  1. I did remove Combofix per instructions. I must admit I am seriously impressed with the process you used. I'm not an idiot; however, clearly you know a lot about this. Thanks for your help and time. You saved me some time and money, so, in return, tomorrow I will purchase Malwarebytes. Are you aware if the identity of who created vundo.h is known and if (legal) authorities can/will do anything? Again, thanks!
  2. I ran the fix.bat file. Results were: Deleted Successfully !! Press any key to continue ...
  3. 1. I encountered no problems while executing these steps. 2. My PC is functioning normally at the moment. This is not uncommon, as Malwarebytes knocks it down to a point where it takes time and/or a reboot for the popups to start again. However, the online scan did detect some viruses that I have not previously detected. The two log files (Combofix and Online scan) follow:
  4. FYI, I have uploaded the "C:\Qoobox\Quarantine\[4]Submit@Date_Time.zip" file to the link you provided. I will now proceed to the next steps you list.
  5. First, thanks for your time. I do appreciate it. The log from Combofix follows:
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664] "cdloader"="c:\documents and settings\skeelsfr\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "COEMsgDisplay"="c:\program files\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [2007-04-11 26624] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-07-08 115560] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-02-15 39792] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_15\bin\jusched.exe" [2008-02-09 75256] "Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2008-11-25 5720072] "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2008-05-13 297000] "IDA"="c:\program files\Hewlett-Packard\PC COE\IDA.EXE" [2008-08-12 176128] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-05 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-05 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-05 141848] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-31 177456] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384] "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904] "GetITIcon"="c:\program 
files\Hewlett-Packard\GetITIcon\GetITShell.exe" [2009-05-05 864256] "Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [2006-12-04 941424] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 312240] "AgentUiRunKey"="c:\program files\PC Backup\Agent.exe" [2009-03-10 244536] "lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 435120] "lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 20480] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\Main pgm.exe" [2009-09-10 1312080] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] c:\documents and settings\All Users\Start Menu\Programs\Startup\ ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2008-5-13 128552] DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-7-30 197904] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableNT4Policy"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoMSAppLogo5ChannelNotify"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc] 2008-05-13 09:20 109568 ----a-w- c:\windows\system32\ackpbsc.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock] 2008-05-13 09:20 286720 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst] 2007-05-15 
20:13 49152 ----a-w- c:\windows\system32\pcsinst.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"= "c:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radexecd.exe"= "c:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\RADUISHELL.exe"= "c:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radtray.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"= "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"= "c:\\Program Files\\Lexmark Fax Solutions\\faxctr.exe"= "c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"= "c:\\Program Files\\Lexmark 3500-4500 Series\\App4r.exe"= "c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"= 
"c:\\WINDOWS\\system32\\lxdicfg.exe"= "c:\\WINDOWS\\system32\\lxdicoms.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"= "c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"= "c:\\WINDOWS\\system32\\dllhost.exe"= "c:\\Documents and Settings\\skeelsfr\\Application Data\\mjusbsp\\magicJack.exe"= R0 prot_2k;prot_2k;c:\windows\system32\drivers\prot_2k.sys [12/4/2006 5:49 PM 235392] R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [5/1/2008 6:23 AM 24064] R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/13/2008 5:20 AM 198184] R2 AgentService;AgentService;c:\program files\PC Backup\AgentService.exe [3/10/2009 6:15 PM 6608192] R2 AvChgSvc;HP-AV Change Monitor Service;c:\progra~1\HPAVAD~1\avChgSvc.exe [11/25/2008 12:21 PM 238080] R2 EdsEncryptionMonitor;EDS Encryption Monitor;c:\program files\EDS\UCR\EdsEncryptionMonitor.exe [6/19/2007 12:01 PM 40960] R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?] 
R2 PCSLogon;PCSLogon;c:\windows\system32\drivers\pcssenslogon.exe [5/15/2007 5:09 AM 61440] R2 Pointsec Connect;Pointsec Connect;c:\program files\Pointsec\Connect\PointSecConnect.exe [6/4/2007 10:01 AM 28672] R2 radexecd;HP OVCM Notify Daemon;c:\program files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [2/20/2007 8:59 AM 270510] R2 radsched;HP OVCM Scheduler Daemon;c:\program files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [3/22/2007 12:19 PM 172205] R2 Radstgms;HP OVCM MSI Redirector;c:\program files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [7/3/2008 8:28 AM 315570] R2 WebDriveFSD;WebDrive Filesystem Driver;c:\program files\WebDrive\wdfsd.sys [5/19/2007 11:38 PM 167552] R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [4/6/2007 6:46 AM 13619] R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [11/25/2008 12:57 PM 9493] R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [4/6/2007 6:46 AM 13647] R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [11/25/2008 12:57 PM 10161] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [7/30/2009 9:16 PM 193840] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/26/2009 7:26 PM 102448] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/17/2007 5:33 AM 41216] R3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [8/3/2007 10:31 AM 23424] S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [9/4/2009 3:27 PM 99248] S2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [12/4/2006 5:49 PM 146720] S2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [12/4/2006 5:49 PM 109856] S3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys [11/25/2008 12:57 PM 27008] S3 
COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/8/2008 1:45 PM 23888] S3 cstrcser;IBM Command Line Trace;c:\windows\system32\drivers\cstrcser.exe [5/15/2007 5:09 AM 36864] S3 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [3/10/2009 6:15 PM 45384] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{597923B7-C2AA-43B8-9367-1F6CC7AAB0CC}] msiexec.exe /fu {597923B7-C2AA-43B8-9367-1F6CC7AAB0CC} /qb! . Contents of the 'Scheduled Tasks' folder 2009-10-15 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job - c:\progra~1\HEWLET~1\PCCOE~1\Aimsi.dll [2009-03-27 21:35] 2009-10-15 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job - c:\progra~1\HEWLET~1\PCCOE~1\Aimsi.dll [2009-03-27 21:35] 2009-10-15 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job - c:\progra~1\HEWLET~1\PCCOE~1\clinvsi.dll [2008-09-07 17:06] 2009-10-15 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job - c:\program files\Hewlett-Packard\PC COE\coetl32.exe [2007-06-23 23:27] 2009-10-15 c:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job - c:\progra~1\HEWLET~1\PCCOE~1\critupsi.dll [1998-10-21 18:29] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://athp.hp.com/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} IE: {{E270AB82-96D5-45DB-ABE3-0BC038B92334} - c:\program files\Hewlett-Packard\IEToolBar\HP IE Fix.exe Trusted Zone: compaq.com Trusted Zone: compaq.com\ie.config.asia Trusted Zone: compaq.com\ie.config.eur Trusted Zone: compaq.com\ie.config.im.hou Trusted Zone: compaq.com\ie.config.jp Trusted Zone: compaq.com.ar Trusted Zone: compaq.com.br Trusted Zone: compaq.com.co Trusted Zone: compaq.com.mx Trusted Zone: compaq.com.sg Trusted Zone: compaq.com.ve Trusted Zone: cpqcorp.net Trusted Zone: dcu.org Trusted Zone: dec.com\ie.config.ecom Trusted Zone: hp.com Trusted Zone: hpqcorp.net Trusted Zone: tandem.com\ie.config Trusted Zone: compaq.com\ie.config.asia Trusted Zone: compaq.com\ie.config.eur Trusted Zone: compaq.com\ie.config.im.hou Trusted Zone: compaq.com\ie.config.jp Trusted Zone: dec.com\ie.config.ecom Trusted Zone: tandem.com\ie.config DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . - - - - ORPHANS REMOVED - - - - SharedTaskScheduler-{23ff5c3d-d2be-46eb-ba84-c7095121699d} - c:\windows\system32\zilebobi.dll SharedTaskScheduler-{081302e3-61cb-4e6a-91ad-423e12b1bcee} - c:\windows\system32\vunogenu.dll SharedTaskScheduler-{cfd317d9-1219-4be9-9b0d-a8d4d2cf5af3} - c:\windows\system32\lewazasu.dll SSODL-yobalokoz-{23ff5c3d-d2be-46eb-ba84-c7095121699d} - c:\windows\system32\zilebobi.dll SSODL-gozobizos-{081302e3-61cb-4e6a-91ad-423e12b1bcee} - c:\windows\system32\vunogenu.dll SSODL-rerokotit-{cfd317d9-1219-4be9-9b0d-a8d4d2cf5af3} - c:\windows\system32\lewazasu.dll SafeBoot-Symantec Antvirus ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-14 22:35 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... 
scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1272) c:\windows\system32\pssogina.dll c:\windows\system32\ackpbsc.dll c:\windows\system32\aclog.dll c:\windows\system32\accrypto.dll c:\windows\system32\ACLIBEAY.dll c:\windows\system32\acevtsub.dll c:\windows\system32\asphat32.dll c:\windows\system32\acerrmes.dll c:\windows\system32\aspcom.dll c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll c:\program files\ActivIdentity\ActivClient\acunlock.dll c:\windows\system32\aipingui.dll c:\windows\system32\aicext.dll c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll c:\windows\system32\pcsinst.dll - - - - - - - > 'explorer.exe'(5536) c:\windows\system32\WININET.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\en-us\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui c:\program files\Windows 
Desktop Search\msnlExtRes.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE c:\program files\ActivIdentity\ActivClient\acevents.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\windows\system32\scardsvr.exe c:\windows\system32\drivers\trcboot.exe c:\windows\system32\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\lxdicoms.exe c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\program files\WebDrive\wdService.exe c:\windows\system32\searchindexer.exe c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe c:\program files\ActivIdentity\ActivClient\acevents.exe c:\windows\system32\igfxsrvc.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-10-15 22:39 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-15 02:39 Pre-Run: 126,608,162,816 bytes free Post-Run: 126,445,654,016 bytes free 382
  6. Last week my PC had the Security Tool virus. I stomped it out using Malwarebytes; however, it keeps coming back after reboots. Malwarebytes is detecting and removing what it finds. However, there must be something that it is missing. Below are the latest logs from Malwarebytes (latest version), which I ran until it was clean. Also below is the log from HijackThis.

1) Malwarebytes log

Malwarebytes' Anti-Malware 1.41
Database version: 2955
Windows 5.1.2600 Service Pack 2

10/13/2009 10:55:01 PM
mbam-log-2009-10-13 (22-55-01).txt

Scan type: Quick Scan
Objects scanned: 109334
Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2) HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:53 PM, on 10/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\PC Backup\AgentService.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\HPAVAD~1\avChgSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\eds\ucr\edsencryptionmonitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Drivers\pcssenslogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Prot_srv.exe
C:\Program Files\Pointsec\Connect\PointSecConnect.exe
C:\WINDOWS\system32\pstartSr.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\WebDrive\wdService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\GetITIcon\GetITShell.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\Program Files\PC Backup\Agent.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\Main pgm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.portal.hp.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://athp.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hewlett-Packard
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {437d1bb5-9c19-46d1-8e79-26e0981e14bc} - wojukoro.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [COEMsgDisplay] c:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_15\bin\jusched.exe"
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [iDA] c:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] c:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [GetITIcon] C:\Program Files\Hewlett-Packard\GetITIcon\GetITShell.exe
O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AgentUiRunKey] "C:\Program Files\PC Backup\Agent.exe" -ni -sss -e http://localhost:16386/
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\Main pgm.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\skeelsfr\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: create_shortcut.lnk = C:\Users\davenutt\create_shortcut.vbs (User 'Default user')
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://athp.hp.com
O15 - Trusted Zone: http://ie.config.asia.compaq.com
O15 - Trusted Zone: http://ie.config.eur.compaq.com
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
O15 - Trusted Zone: http://ie.config.jp.compaq.com
O15 - Trusted Zone: http://*.compaq.com
O15 - Trusted Zone: http://*.compaq.com.ar
O15 - Trusted Zone: http://*.compaq.com.br
O15 - Trusted Zone: http://*.compaq.com.co
O15 - Trusted Zone: http://*.compaq.com.mx
O15 - Trusted Zone: http://*.compaq.com.sg
O15 - Trusted Zone: http://*.compaq.com.ve
O15 - Trusted Zone: http://*.cpqcorp.net
O15 - Trusted Zone: http://*.dcu.org
O15 - Trusted Zone: http://ie.config.ecom.dec.com
O15 - Trusted Zone: http://*.hp.com
O15 - Trusted Zone: http://*.hpqcorp.net
O15 - Trusted Zone: http://ie.config.tandem.com
O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
O16 - DPF: {00000033-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms33 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall33.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPITWeb/Customer...DataManager.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169809900876
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {857ABA85-8AB2-4C9E-8FAA-D2A963739859} (HPPKI Control) - https://digitalbadge.external.hp.com/hp/HPPKI.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = americas.cpqcorp.net
O17 - HKLM\Software\..\Telephony: DomainName = americas.hpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = americas.cpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = AMERICAS.hpqcorp.net,AMERICAS.cpqcorp.net,hpqcorp.net,cpqcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = AMERICAS.hpqcorp.net,AMERICAS.cpqcorp.net,hpqcorp.net,cpqcorp.net
O20 - AppInit_DLLs: c:\windows\system32\wunuveye.dll bibuwoge.dll c:\windows\system32\vunogenu.dll c:\windows\system32\lewazasu.dll tamuyali.dll
O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O21 - SSODL: yobalokoz - {23ff5c3d-d2be-46eb-ba84-c7095121699d} - c:\windows\system32\zilebobi.dll (file missing)
O21 - SSODL: gozobizos - {081302e3-61cb-4e6a-91ad-423e12b1bcee} - c:\windows\system32\vunogenu.dll (file missing)
O21 - SSODL: rerokotit - {cfd317d9-1219-4be9-9b0d-a8d4d2cf5af3} - c:\windows\system32\lewazasu.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {23ff5c3d-d2be-46eb-ba84-c7095121699d} - c:\windows\system32\zilebobi.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {081302e3-61cb-4e6a-91ad-423e12b1bcee} - c:\windows\system32\vunogenu.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {cfd317d9-1219-4be9-9b0d-a8d4d2cf5af3} - c:\windows\system32\lewazasu.dll (file missing)
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: AgentService - Iron Mountain Incorporated - C:\Program Files\PC Backup\AgentService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: HP-AV Change Monitor Service (AvChgSvc) - Unknown owner - C:\PROGRA~1\HPAVAD~1\avChgSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: IBM Command Line Trace (cstrcser) - IBM Corporation - C:\WINDOWS\system32\drivers\cstrcser.exe
O23 - Service: EDS Encryption Monitor (EdsEncryptionMonitor) - EDS - c:\program files\eds\ucr\edsencryptionmonitor.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: PCSLogon - Unknown owner - C:\WINDOWS\system32\Drivers\pcssenslogon.exe
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\Prot_srv.exe
O23 - Service: Pointsec Connect - Pointsec Mobile Technologies AB - C:\Program Files\Pointsec\Connect\PointSecConnect.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\pstartSr.exe
O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: WebDrive Service (WebDriveService) - South River
Technologies, LLC - C:\Program Files\WebDrive\wdService.exe -- End of file - 17026 bytes